Kaspersky announces 'death' of Coinvault, Bitcryptor ransomware

13,000 decryption keys unleashed.

The Coinvault and Bitcryptor ransomware are officially dead according to Kaspersky: the alleged authors have been arrested, and all 14,000 decryption keys released allowing victims to avoid paying ransoms to unlock their files.

The ransomware variants infected thousands of machines locking up valuable files and demanding victims pay attackers hundreds of dollars in Bitcoin to have the attack reversed.

Two alleged Coinvault and Bitcryptor authors were arrested 14 September in Amersfoort, The Netherlands.

Kaspersky boffins obtained the decryption keys during the investigations into the ransomware in which they assisted law enforcement.

"During our joint investigation we have obtained data that can help you to decrypt the files being held hostage on your PC," Kaspersky says.

"We are now able to share a new decryption application that will automatically decrypt all files for Coinvault and Bitcryptor victims.

"We are considering this case as closed. The ransomware authors are arrested and all existing keys have been added to our database."

Dead and buried: The decryption tool.

Kaspersky's tool forged in April was last week upgraded with more than 1300 additional keys marking an end to the ransomware.

Coinvault was known for allowing victims to decrypt one file for 'free' in a bid to demonstrate that ransom payments will result in the return of data.

Ransomware liberators Jornt van der Wiel and Santiago Pontiroli detailed how they built the tool noting that it used AES 256 and ran block cipher mode CFB. "This was all the information we needed to write our decryption tool," they said.

The death of Coinvault and Bitcryptor come as research suggests a single group could be behind the ultimate menace Cryptowall 3.0 which has resisted reverse and decrypting efforts. ®